ID

VAR-199807-0005


CVE

CVE-1999-1436


TITLE

World Wide Web Authorization Gateway Vulnerability

Trust: 0.6

sources: CNNVD: CNNVD-199807-008

DESCRIPTION

Ray Chan WWW Authorization Gateway 0.1 CGI program allows remote attackers to execute arbitrary commands via shell metacharacters in the "user" parameter. Version 1.0 fails to eliminate characters with special meaning to the shell prior to executing a command. As a result, an attacker can utilize certain characters to execute arbitrary commands on a system remotely, as whatever user invoked the cgi-bin

Trust: 1.26

sources: NVD: CVE-1999-1436 // BID: 152 // VULHUB: VHN-1417

AFFECTED PRODUCTS

vendor: ray chan, model: www authorization gateway, scope: eq, version: 0.1

Trust: 1.6

vendor: ray, model: chan www authorization gateway, scope: eq, version: 0.1

Trust: 0.3

sources: BID: 152 // CNNVD: CNNVD-199807-008 // NVD: CVE-1999-1436

CVSS

SEVERITY

CVSSV2

CVSSV3

nvd@nist.gov: CVE-1999-1436
value: HIGH

Trust: 1.0

CNNVD: CNNVD-199807-008
value: HIGH

Trust: 0.6

VULHUB: VHN-1417
value: HIGH

Trust: 0.1

nvd@nist.gov: CVE-1999-1436
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 1.0

VULHUB: VHN-1417
severity: HIGH
baseScore: 7.5
vectorString: AV:N/AC:L/AU:N/C:P/I:P/A:P
accessVector: NETWORK
accessComplexity: LOW
authentication: NONE
confidentialityImpact: PARTIAL
integrityImpact: PARTIAL
availabilityImpact: PARTIAL
exploitabilityScore: 10.0
impactScore: 6.4
acInsufInfo: NONE
obtainAllPrivilege: NONE
obtainUserPrivilege: NONE
obtainOtherPrivilege: NONE
userInteractionRequired: NONE
version: 2.0

Trust: 0.1

sources: VULHUB: VHN-1417 // CNNVD: CNNVD-199807-008 // NVD: CVE-1999-1436

PROBLEMTYPE DATA

problemtype:NVD-CWE-Other

Trust: 1.0

sources: NVD: CVE-1999-1436

THREAT TYPE

remote

Trust: 0.6

sources: CNNVD: CNNVD-199807-008

TYPE

input validation

Trust: 0.6

sources: CNNVD: CNNVD-199807-008

EXPLOIT AVAILABILITY

sources: VULHUB: VHN-1417

EXTERNAL IDS

db: BID, id: 152

Trust: 2.0

db: NVD, id: CVE-1999-1436

Trust: 2.0

db: CNNVD, id: CNNVD-199807-008

Trust: 0.7

db: BUGTRAQ, id: 19980708 WWW AUTHORIZATION GATEWAY

Trust: 0.6

db: EXPLOIT-DB, id: 19121

Trust: 0.1

db: VULHUB, id: VHN-1417

Trust: 0.1

sources: VULHUB: VHN-1417 // BID: 152 // CNNVD: CNNVD-199807-008 // NVD: CVE-1999-1436

REFERENCES

url:http://www.securityfocus.com/bid/152

Trust: 2.7

url:http://marc.info/?l=bugtraq&m=90221104525905&w=2

Trust: 2.0

url:http://marc.theaimsgroup.com/?l=bugtraq&m=90221104525905&w=2

Trust: 0.6

url:http://home.hkstar.com/~west/perl98/html/auth.html

Trust: 0.3

url:http://marc.info/?l=bugtraq&m=90221104525905&w=2

Trust: 0.1

sources: VULHUB: VHN-1417 // BID: 152 // CNNVD: CNNVD-199807-008 // NVD: CVE-1999-1436

CREDITS

This vulnerability was reported to Bugtraq by Albert Nubdy <formatez@EDUREDES.EDU.DO> on July 8, 1998.

Trust: 0.9

sources: BID: 152 // CNNVD: CNNVD-199807-008

SOURCES

db: VULHUB, id: VHN-1417
db: BID, id: 152
db: CNNVD, id: CNNVD-199807-008
db: NVD, id: CVE-1999-1436

LAST UPDATE DATE

2024-11-22T23:03:23.637000+00:00


SOURCES UPDATE DATE

db: VULHUB, id: VHN-1417, date: 2016-10-18T00:00:00
db: BID, id: 152, date: 2009-07-11T00:16:00
db: CNNVD, id: CNNVD-199807-008, date: 2005-10-20T00:00:00
db: NVD, id: CVE-1999-1436, date: 2024-11-20T23:31:06.810

SOURCES RELEASE DATE

db: VULHUB, id: VHN-1417, date: 1998-07-08T00:00:00
db: BID, id: 152, date: 1998-07-08T00:00:00
db: CNNVD, id: CNNVD-199807-008, date: 1998-07-08T00:00:00
db: NVD, id: CVE-1999-1436, date: 1998-07-08T04:00:00